4 matches found
WordPress CM Email Registration Blacklist and Whitelist Plugin < 1.4.9 is vulnerable to Cross Site Request Forgery (CSRF)
Software CM Email Registration Blacklist and Whitelist Type Plugin Vulnerable versions 1.4.9 Fixed in 1.4.9 OWASP Top 10 A5: Broken Access Control Classification Cross Site Request Forgery CSRF CVE CVE-2024-5167 Patch priority Low CVSS severity Low 5.4 Developer Claim ownership PSID 352ac64ce637...
CVE-2024-5167
creationtimestamp| type| source ---|---|--- 2024-07-13 08:49:44+00:00| seen| https://t.me/cvedetector/806...
CVE-2024-5167 CM Email Registration Blacklist and Whitelist < 1.4.9 - Add/Delete Emails via CSRF Add and delete any item from blacklist/whitelist
The CM Email Registration Blacklist and Whitelist WordPress plugin before 1.4.9 does not have CSRF check when adding or deleting an item from the blacklist or whitelist, which could allow attackers to make a logged in admin add or delete settings from the blacklist or whitelist menu via a CSRF...
CVE-2024-5167 CM Email Registration Blacklist and Whitelist < 1.4.9 - Add/Delete Emails via CSRF Add and delete any item from blacklist/whitelist
The CM Email Registration Blacklist and Whitelist WordPress plugin before 1.4.9 does not have CSRF check when adding or deleting an item from the blacklist or whitelist, which could allow attackers to make a logged in admin add or delete settings from the blacklist or whitelist menu via a CSRF...